Merge pull request #387 from anchore/add-rpmdb-extra-fields

Expand RPM DB fields

go.mod

@@ -7,7 +7,7 @@ require (
 	github.com/adrg/xdg v0.2.1
 	github.com/alecthomas/jsonschema v0.0.0-20210301060011-54c507b6f074
 	github.com/anchore/client-go v0.0.0-20210222170800-9c70f9b80bcf
-	github.com/anchore/go-rpmdb v0.0.0-20201106153645-0043963c2e12
+	github.com/anchore/go-rpmdb v0.0.0-20210415132930-2460011e83c6
 	github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04
 	github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b
 	github.com/anchore/stereoscope v0.0.0-20210413221244-d577f30b19e6

go.sum

@@ -109,14 +109,12 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/anchore/client-go v0.0.0-20210222170800-9c70f9b80bcf h1:DYssiUV1pBmKqzKsm4mqXx8artqC0Q8HgZsVI3lMsAg=
 github.com/anchore/client-go v0.0.0-20210222170800-9c70f9b80bcf/go.mod h1:FaODhIA06mxO1E6R32JE0TL1JWZZkmjRIAd4ULvHUKk=
-github.com/anchore/go-rpmdb v0.0.0-20201106153645-0043963c2e12 h1:xbeIbn5F52JVx3RUIajxCj8b0y+9lywspql4sFhcxWQ=
-github.com/anchore/go-rpmdb v0.0.0-20201106153645-0043963c2e12/go.mod h1:juoyWXIj7sJ1IDl4E/KIfyLtovbs5XQVSIdaQifFQT8=
+github.com/anchore/go-rpmdb v0.0.0-20210415132930-2460011e83c6 h1:wEN3HXc3VuC4wo7Cz27YCpeQ4gaB5ASKwMwM5GdFsew=
+github.com/anchore/go-rpmdb v0.0.0-20210415132930-2460011e83c6/go.mod h1:8jNYOxCJC5kyD/Ct4MbzsDN2hOhRoCAzQcb/7KdYYGw=
 github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04 h1:VzprUTpc0vW0nnNKJfJieyH/TZ9UYAnTZs5/gHTdAe8=
 github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04/go.mod h1:6dK64g27Qi1qGQZ67gFmBFvEHScy0/C8qhQhNe5B5pQ=
 github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b h1:e1bmaoJfZVsCYMrIZBpFxwV26CbsuoEh5muXD5I1Ods=
 github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
-github.com/anchore/stereoscope v0.0.0-20210412194439-0b9e0281ef0c h1:iAkv8iBnbHQzcROt55IbEh7r7qUJxj64E8bM4EnaBlA=
-github.com/anchore/stereoscope v0.0.0-20210412194439-0b9e0281ef0c/go.mod h1:vhh1M99rfWx5ejMvz1lkQiFZUrC5wu32V12R4JXH+ZI=
 github.com/anchore/stereoscope v0.0.0-20210413221244-d577f30b19e6 h1:g9ZS2V/T0wxseccI4t1hQTqWBek5DVOQZOzzdWBjwnU=
 github.com/anchore/stereoscope v0.0.0-20210413221244-d577f30b19e6/go.mod h1:vhh1M99rfWx5ejMvz1lkQiFZUrC5wu32V12R4JXH+ZI=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=

schema/json/schema-1.1.0.json

@@ -801,7 +801,10 @@
         "path",
         "mode",
         "size",
-        "sha256"
+        "digest",
+        "userName",
+        "groupName",
+        "flags"
       ],
       "properties": {
         "path": {
@@ -813,7 +816,16 @@
         "size": {
           "type": "integer"
         },
-        "sha256": {
+        "digest": {
+          "$ref": "#/definitions/Digest"
+        },
+        "userName": {
+          "type": "string"
+        },
+        "groupName": {
+          "type": "string"
+        },
+        "flags": {
           "type": "string"
         }
       },

syft/pkg/cataloger/rpmdb/parse_rpmdb.go

@@ -6,6 +6,8 @@ import (
 	"io/ioutil"
 	"os"
 
+	"github.com/anchore/syft/syft/file"
+
 	rpmdb "github.com/anchore/go-rpmdb/pkg"
 	"github.com/anchore/syft/internal"
 	"github.com/anchore/syft/internal/log"
@@ -79,10 +81,16 @@ func extractRpmdbFileRecords(resolver source.FilePathResolver, entry *rpmdb.Pack
 		//only persist RPMDB file records which exist in the image/directory, otherwise ignore them
 		if resolver.HasPath(record.Path) {
 			records = append(records, pkg.RpmdbFileRecord{
-				Path:   record.Path,
-				Mode:   pkg.RpmdbFileMode(record.Mode),
-				Size:   int(record.Size),
-				SHA256: record.SHA256,
+				Path: record.Path,
+				Mode: pkg.RpmdbFileMode(record.Mode),
+				Size: int(record.Size),
+				Digest: file.Digest{
+					Value:     record.Digest,
+					Algorithm: entry.DigestAlgorithm.String(),
+				},
+				UserName:  record.Username,
+				GroupName: record.Groupname,
+				Flags:     record.Flags.String(),
 			})
 		}
 	}

syft/pkg/cataloger/rpmdb/parse_rpmdb_test.go

@@ -5,6 +5,8 @@ import (
 	"os"
 	"testing"
 
+	"github.com/anchore/syft/syft/file"
+
 	"github.com/anchore/syft/syft/source"
 
 	"github.com/anchore/syft/syft/pkg"
@@ -105,10 +107,14 @@ func TestParseRpmDB(t *testing.T) {
 						Vendor:    "",
 						Files: []pkg.RpmdbFileRecord{
 							{
-								Path:   "/usr/local/bin/dive",
-								Mode:   33261,
-								Size:   12406784,
-								SHA256: "81d29f327ba23096b3c52ff6fe1c425641e618bc87b5c05ee377edc650afaa55",
+								Path: "/usr/local/bin/dive",
+								Mode: 33261,
+								Size: 12406784,
+								Digest: file.Digest{
+									Algorithm: "sha256",
+									Value:     "81d29f327ba23096b3c52ff6fe1c425641e618bc87b5c05ee377edc650afaa55",
+								},
+								// note: there is no username, groupname, or flags for this RPM
 							},
 						},
 					},

syft/pkg/rpmdb_metadata.go

@@ -4,6 +4,8 @@ import (
 	"fmt"
 	"sort"
 
+	"github.com/anchore/syft/syft/file"
+
 	"github.com/scylladb/go-set/strset"
 
 	"github.com/anchore/syft/syft/distro"
@@ -30,10 +32,13 @@ type RpmdbMetadata struct {
 
 // RpmdbFileRecord represents the file metadata for a single file attributed to a RPM package.
 type RpmdbFileRecord struct {
-	Path   string        `json:"path"`
-	Mode   RpmdbFileMode `json:"mode"`
-	Size   int           `json:"size"`
-	SHA256 string        `json:"sha256"`
+	Path      string        `json:"path"`
+	Mode      RpmdbFileMode `json:"mode"`
+	Size      int           `json:"size"`
+	Digest    file.Digest   `json:"digest"`
+	UserName  string        `json:"userName"`
+	GroupName string        `json:"groupName"`
+	Flags     string        `json:"flags"`
 }
 
 // RpmdbFileMode is the raw file mode for a single file. This can be interpreted as the linux stat.h mode (see https://pubs.opengroup.org/onlinepubs/007908799/xsh/sysstat.h.html)